From c655e1a349edf6b46c9f562610a0f60b912a621c Mon Sep 17 00:00:00 2001
From: Florian Schaal <info@schaal-24.de>
Date: Thu, 1 Jun 2017 12:47:12 +0200
Subject: [PATCH] option to disable pre-check for LE (#4658)

---
 install/tpl/server.ini.master                        |  1 +
 interface/web/admin/form/server_config.tform.php     |  9 +++++++++
 interface/web/admin/lib/lang/ar_server_config.lng    |  1 +
 interface/web/admin/lib/lang/bg_server_config.lng    |  1 +
 interface/web/admin/lib/lang/br_server_config.lng    |  1 +
 interface/web/admin/lib/lang/ca_server_config.lng    |  1 +
 interface/web/admin/lib/lang/cz_server_config.lng    |  1 +
 interface/web/admin/lib/lang/de_server_config.lng    |  1 +
 interface/web/admin/lib/lang/dk_server_config.lng    |  1 +
 interface/web/admin/lib/lang/el_server_config.lng    |  1 +
 interface/web/admin/lib/lang/en_server_config.lng    |  1 +
 interface/web/admin/lib/lang/es_server_config.lng    |  1 +
 interface/web/admin/lib/lang/fi_server_config.lng    |  1 +
 interface/web/admin/lib/lang/fr_server_config.lng    |  1 +
 interface/web/admin/lib/lang/hr_server_config.lng    |  1 +
 interface/web/admin/lib/lang/hu_server_config.lng    |  1 +
 interface/web/admin/lib/lang/id_server_config.lng    |  1 +
 interface/web/admin/lib/lang/it_server_config.lng    |  1 +
 interface/web/admin/lib/lang/ja_server_config.lng    |  1 +
 interface/web/admin/lib/lang/nl_server_config.lng    |  1 +
 interface/web/admin/lib/lang/pl_server_config.lng    |  1 +
 interface/web/admin/lib/lang/pt_server_config.lng    |  1 +
 interface/web/admin/lib/lang/ro_server_config.lng    |  1 +
 interface/web/admin/lib/lang/ru_server_config.lng    |  1 +
 interface/web/admin/lib/lang/se_server_config.lng    |  1 +
 interface/web/admin/lib/lang/sk_server_config.lng    |  1 +
 interface/web/admin/lib/lang/tr_server_config.lng    |  1 +
 .../web/admin/templates/server_config_web_edit.htm   |  4 ++++
 server/plugins-available/apache2_plugin.inc.php      | 12 ++++++++----
 server/plugins-available/nginx_plugin.inc.php        | 12 ++++++++----
 30 files changed, 55 insertions(+), 8 deletions(-)

diff --git a/install/tpl/server.ini.master b/install/tpl/server.ini.master
index 17560ee8cf..b32cf0189b 100644
--- a/install/tpl/server.ini.master
+++ b/install/tpl/server.ini.master
@@ -89,6 +89,7 @@ php_ini_path_cgi=/etc/php5/cgi/php.ini
 check_apache_config=y
 enable_sni=y
 enable_spdy=n
+skip_le_check=n
 enable_ip_wildcard=y
 overtraffic_notify_admin=y
 overtraffic_notify_client=y
diff --git a/interface/web/admin/form/server_config.tform.php b/interface/web/admin/form/server_config.tform.php
index 9343084d04..5cf56ca537 100644
--- a/interface/web/admin/form/server_config.tform.php
+++ b/interface/web/admin/form/server_config.tform.php
@@ -1228,6 +1228,15 @@ $form["tabs"]['web'] = array(
 			'width' => '40',
 			'maxlength' => '255'
 		),
+		'skip_le_check' => array (
+			'datatype' => 'VARCHAR',
+			'formtype' => 'CHECKBOX',
+			'default'  => 'n',
+			'value' => array (
+				0 => 'n',
+				1 => 'y'
+			)
+		),
 		//#################################
 		// ENDE Datatable fields
 		//#################################
diff --git a/interface/web/admin/lib/lang/ar_server_config.lng b/interface/web/admin/lib/lang/ar_server_config.lng
index c138039b74..9d4622f0bf 100644
--- a/interface/web/admin/lib/lang/ar_server_config.lng
+++ b/interface/web/admin/lib/lang/ar_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/bg_server_config.lng b/interface/web/admin/lib/lang/bg_server_config.lng
index 1b80911574..671de95ab9 100644
--- a/interface/web/admin/lib/lang/bg_server_config.lng
+++ b/interface/web/admin/lib/lang/bg_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/br_server_config.lng b/interface/web/admin/lib/lang/br_server_config.lng
index 2fab69f963..f4bcb4da6d 100644
--- a/interface/web/admin/lib/lang/br_server_config.lng
+++ b/interface/web/admin/lib/lang/br_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Hora do backup';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/ca_server_config.lng b/interface/web/admin/lib/lang/ca_server_config.lng
index bbc485f1c1..5309d986c5 100644
--- a/interface/web/admin/lib/lang/ca_server_config.lng
+++ b/interface/web/admin/lib/lang/ca_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['disable_bind_log_txt'] = 'Disable bind9 messages for Loglevel WARN';
 $wb['apps_vhost_enabled_txt'] = 'Apps-vhost enabled';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/cz_server_config.lng b/interface/web/admin/lib/lang/cz_server_config.lng
index b45d699151..0bc67a1659 100644
--- a/interface/web/admin/lib/lang/cz_server_config.lng
+++ b/interface/web/admin/lib/lang/cz_server_config.lng
@@ -281,4 +281,5 @@ $wb['hostname_txt'] = 'Název hostitele';
 $wb['hostname_error_empty'] = 'Název hostitele je prázdný';
 $wb['hostname_error_regex'] = 'Neplatný název hostitele.';
 $wb['backup_time_txt'] = 'Spustit zálohovaní v';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/de_server_config.lng b/interface/web/admin/lib/lang/de_server_config.lng
index 3c637ba5a6..6e5cec146d 100644
--- a/interface/web/admin/lib/lang/de_server_config.lng
+++ b/interface/web/admin/lib/lang/de_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_http_txt'] = 'HTTP';
 $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/dk_server_config.lng b/interface/web/admin/lib/lang/dk_server_config.lng
index 4d154999c9..a8cc531fa6 100644
--- a/interface/web/admin/lib/lang/dk_server_config.lng
+++ b/interface/web/admin/lib/lang/dk_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['disable_bind_log_txt'] = 'Disable bind9 messages for Loglevel WARN';
 $wb['apps_vhost_enabled_txt'] = 'Apps-vhost enabled';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/el_server_config.lng b/interface/web/admin/lib/lang/el_server_config.lng
index 2adaa82096..b270bf537c 100644
--- a/interface/web/admin/lib/lang/el_server_config.lng
+++ b/interface/web/admin/lib/lang/el_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/en_server_config.lng b/interface/web/admin/lib/lang/en_server_config.lng
index 3cafef1cf9..018904cc78 100644
--- a/interface/web/admin/lib/lang/en_server_config.lng
+++ b/interface/web/admin/lib/lang/en_server_config.lng
@@ -284,4 +284,5 @@ $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb["disable_bind_log_txt"] = "Disable bind9 messages for Loglevel WARN";
 $wb["apps_vhost_enabled_txt"] = "Apps-vhost enabled";
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/es_server_config.lng b/interface/web/admin/lib/lang/es_server_config.lng
index c6f75e49c2..7d15c884dc 100755
--- a/interface/web/admin/lib/lang/es_server_config.lng
+++ b/interface/web/admin/lib/lang/es_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_server_admins_txt'] = 'Administradores del Servidor (JIDs)';
 $wb['xmpp_server_txt'] = 'Servidor XMPP';
 $wb['xmpp_use_ipv6_txt'] = 'Usar IPv6';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/fi_server_config.lng b/interface/web/admin/lib/lang/fi_server_config.lng
index 846dfa3b9e..837b9d7672 100755
--- a/interface/web/admin/lib/lang/fi_server_config.lng
+++ b/interface/web/admin/lib/lang/fi_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/fr_server_config.lng b/interface/web/admin/lib/lang/fr_server_config.lng
index f0a2dc3aa1..dbc744962a 100644
--- a/interface/web/admin/lib/lang/fr_server_config.lng
+++ b/interface/web/admin/lib/lang/fr_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['disable_bind_log_txt'] = 'Disable bind9 messages for Loglevel WARN';
 $wb['apps_vhost_enabled_txt'] = 'Apps-vhost enabled';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/hr_server_config.lng b/interface/web/admin/lib/lang/hr_server_config.lng
index a2a8447f89..df7236cf54 100644
--- a/interface/web/admin/lib/lang/hr_server_config.lng
+++ b/interface/web/admin/lib/lang/hr_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/hu_server_config.lng b/interface/web/admin/lib/lang/hu_server_config.lng
index 5c1ddf869f..6b35c2d135 100644
--- a/interface/web/admin/lib/lang/hu_server_config.lng
+++ b/interface/web/admin/lib/lang/hu_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/id_server_config.lng b/interface/web/admin/lib/lang/id_server_config.lng
index 4634444838..9752fb0a08 100644
--- a/interface/web/admin/lib/lang/id_server_config.lng
+++ b/interface/web/admin/lib/lang/id_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/it_server_config.lng b/interface/web/admin/lib/lang/it_server_config.lng
index 0905e87768..f9b0922e8c 100644
--- a/interface/web/admin/lib/lang/it_server_config.lng
+++ b/interface/web/admin/lib/lang/it_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['disable_bind_log_txt'] = 'Disable bind9 messages for Loglevel WARN';
 $wb['apps_vhost_enabled_txt'] = 'Apps-vhost enabled';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/ja_server_config.lng b/interface/web/admin/lib/lang/ja_server_config.lng
index 1f18fcf7ce..275c4ecb3f 100644
--- a/interface/web/admin/lib/lang/ja_server_config.lng
+++ b/interface/web/admin/lib/lang/ja_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/nl_server_config.lng b/interface/web/admin/lib/lang/nl_server_config.lng
index 2e0f048761..65dfdad431 100644
--- a/interface/web/admin/lib/lang/nl_server_config.lng
+++ b/interface/web/admin/lib/lang/nl_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/pl_server_config.lng b/interface/web/admin/lib/lang/pl_server_config.lng
index 3ef015a968..c2092a1c19 100644
--- a/interface/web/admin/lib/lang/pl_server_config.lng
+++ b/interface/web/admin/lib/lang/pl_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/pt_server_config.lng b/interface/web/admin/lib/lang/pt_server_config.lng
index 566b93037c..7e5cbf79f1 100644
--- a/interface/web/admin/lib/lang/pt_server_config.lng
+++ b/interface/web/admin/lib/lang/pt_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/ro_server_config.lng b/interface/web/admin/lib/lang/ro_server_config.lng
index 7d3c64a13f..fd2b3f832f 100644
--- a/interface/web/admin/lib/lang/ro_server_config.lng
+++ b/interface/web/admin/lib/lang/ro_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/ru_server_config.lng b/interface/web/admin/lib/lang/ru_server_config.lng
index cf6545d7af..bf6386a06f 100644
--- a/interface/web/admin/lib/lang/ru_server_config.lng
+++ b/interface/web/admin/lib/lang/ru_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Время копирования';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/se_server_config.lng b/interface/web/admin/lib/lang/se_server_config.lng
index 8072085991..d3fa0402eb 100644
--- a/interface/web/admin/lib/lang/se_server_config.lng
+++ b/interface/web/admin/lib/lang/se_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/sk_server_config.lng b/interface/web/admin/lib/lang/sk_server_config.lng
index f639d463ce..5ee3ab78d8 100644
--- a/interface/web/admin/lib/lang/sk_server_config.lng
+++ b/interface/web/admin/lib/lang/sk_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_https_txt'] = 'HTTPS';
 $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['backup_time_txt'] = 'Backup time';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/lib/lang/tr_server_config.lng b/interface/web/admin/lib/lang/tr_server_config.lng
index d188bd83a1..4fbc90cb8c 100644
--- a/interface/web/admin/lib/lang/tr_server_config.lng
+++ b/interface/web/admin/lib/lang/tr_server_config.lng
@@ -281,4 +281,5 @@ $wb['xmpp_port_pastebin_txt'] = 'Pastebin';
 $wb['xmpp_port_bosh_txt'] = 'BOSH';
 $wb['disable_bind_log_txt'] = 'Disable bind9 messages for Loglevel WARN';
 $wb['apps_vhost_enabled_txt'] = 'Apps-vhost enabled';
+$wb['skip_le_check_txt'] = 'Skip Lets Encrypt Check';
 ?>
diff --git a/interface/web/admin/templates/server_config_web_edit.htm b/interface/web/admin/templates/server_config_web_edit.htm
index 16060cf961..4d5113efe8 100644
--- a/interface/web/admin/templates/server_config_web_edit.htm
+++ b/interface/web/admin/templates/server_config_web_edit.htm
@@ -183,6 +183,10 @@
                 <div class="form-group">
                     <label for="CA_pass" class="col-sm-3 control-label">{tmpl_var name='CA_pass_txt'}</label>
                     <div class="col-sm-9"><input type="password" name="CA_pass" id="CA_pass" value="{tmpl_var name='CA_pass'}" autocomplete="new-password" class="form-control" /></div></div>
+				<div class="form-group">
+					<label class="col-sm-3 control-label"><tmpl_var name="skip_le_check_txt"></label>
+					<div class="col-sm-9"><tmpl_var name="skip_le_check"></div>
+				</div>
 	  <!-- End content -->
 	  </div>
 	</div>
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
index 57cdd98bf7..31952c3c3c 100644
--- a/server/plugins-available/apache2_plugin.inc.php
+++ b/server/plugins-available/apache2_plugin.inc.php
@@ -1226,12 +1226,16 @@ class apache2_plugin {
 			
 			$le_domains = array();
 			foreach($temp_domains as $temp_domain) {
-				$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
-				if($le_hash_check == $le_rnd_hash) {
+				if(isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') {
 					$le_domains[] = $temp_domain;
-					$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
 				} else {
-					$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
+					$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
+					if($le_hash_check == $le_rnd_hash) {
+						$le_domains[] = $temp_domain;
+						$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
+					} else {
+						$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
+					}
 				}
 			}
 			$temp_domains = $le_domains;
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
index 55d2b19151..25060962f3 100644
--- a/server/plugins-available/nginx_plugin.inc.php
+++ b/server/plugins-available/nginx_plugin.inc.php
@@ -1299,12 +1299,16 @@ class nginx_plugin {
 			
 			$le_domains = array();
 			foreach($temp_domains as $temp_domain) {
-				$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
-				if($le_hash_check == $le_rnd_hash) {
+				if(isset($web_config['skip_le_check']) && $web_config['skip_le_check'] == 'y') {
 					$le_domains[] = $temp_domain;
-					$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
 				} else {
-					$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
+					$le_hash_check = trim(@file_get_contents('http://' . $temp_domain . '/.well-known/acme-challenge/' . $le_rnd_file));
+					if($le_hash_check == $le_rnd_hash) {
+						$le_domains[] = $temp_domain;
+						$app->log("Verified domain " . $temp_domain . " should be reachable for letsencrypt.", LOGLEVEL_DEBUG);
+					} else {
+						$app->log("Could not verify domain " . $temp_domain . ", so excluding it from letsencrypt request.", LOGLEVEL_WARN);
+					}
 				}
 			}
 			$temp_domains = $le_domains;
-- 
GitLab